Commit 1ab96a37 authored by Tristan Seligmann's avatar Tristan Seligmann

Import python-cryptography_2.2.2.orig.tar.gz

parent 21713e95
......@@ -37,3 +37,6 @@ PGP key fingerprints are enclosed in parentheses.
* Ofek Lev <ofekmeister@gmail.com> (FFB6 B92B 30B1 7848 546E 9912 972F E913 DAD5 A46E)
* Erik Daguerre <fallenwolf@wolfthefallen.com>
* Aviv Palivoda <palaviv@gmail.com>
* Chris Wolfe <chriswwolfe@gmail.com>
* Jeremy Lainé <jeremy.laine@m4x.org>
* Denis Gladkikh <denis@gladkikh.email>
Changelog
=========
.. _v2-2-2:
2.2.2 - 2018-03-27
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux1`` wheels to be compiled with
OpenSSL 1.1.0h.
.. _v2-2-1:
2.2.1 - 2018-03-20
~~~~~~~~~~~~~~~~~~
* Reverted a change to ``GeneralNames`` which prohibited having zero elements,
due to breakages.
* Fixed a bug in
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was
zero.
.. _v2-2:
2.2 - 2018-03-19
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 2.6 has been dropped.
* Resolved a bug in ``HKDF`` that incorrectly constrained output size.
* Added :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
:class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
support inter-operating with systems like German smart meters.
* Added token rotation support to :doc:`Fernet </fernet>` with
:meth:`~cryptography.fernet.MultiFernet.rotate`.
* Fixed a memory leak in
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for AES key wrapping with padding via
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding`
and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
.
* Allow loading DSA keys with 224 bit ``q``.
.. _v2-1-4:
......@@ -42,13 +83,15 @@ Changelog
* **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and
``UnsupportedExtension`` have been removed in accordance with our
:doc:`/api-stability` policy.
* **BACKWARDS INCOMPATIBLE:** :attr:`~cryptography.x509.DNSName.value`,
:attr:`~cryptography.x509.RFC822Name.value`, and
:attr:`~cryptography.x509.UniformResourceIdentifier.value` will now return
an :term:`A-label` string when parsing a certificate containing an
internationalized domain name (IDN) or if the caller passed a :term:`U-label`
to the constructor. See below for additional deprecations related to this
change.
* **BACKWARDS INCOMPATIBLE:**
:attr:`DNSName.value <cryptography.x509.DNSName.value>`,
:attr:`RFC822Name.value <cryptography.x509.RFC822Name.value>`, and
:attr:`UniformResourceIdentifier.value
<cryptography.x509.UniformResourceIdentifier.value>`
will now return an :term:`A-label` string when parsing a certificate
containing an internationalized domain name (IDN) or if the caller passed
a :term:`U-label` to the constructor. See below for additional deprecations
related to this change.
* Installing ``cryptography`` now requires ``pip`` 6 or newer.
* Deprecated passing :term:`U-label` strings to the
:class:`~cryptography.x509.DNSName`,
......
......@@ -3,5 +3,4 @@ found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made
under the terms of *both* these licenses.
The code used in the OpenSSL locking callback and OS random engine is derived
from the same in CPython itself, and is licensed under the terms of the PSF
License Agreement.
from CPython, and is licensed under the terms of the PSF License Agreement.
Metadata-Version: 1.1
Metadata-Version: 2.1
Name: cryptography
Version: 2.1.4
Version: 2.2.2
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
Author-email: cryptography-dev@python.org
License: BSD or Apache License, Version 2.0
Description-Content-Type: UNKNOWN
Description: pyca/cryptography
=================
......@@ -27,7 +26,7 @@ Description: pyca/cryptography
``cryptography`` is a package which provides cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
standard library". It supports Python 2.6-2.7, Python 3.4+, and PyPy 5.3+.
standard library". It supports Python 2.7, Python 3.4+, and PyPy 5.3+.
``cryptography`` includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message digests, and
......@@ -66,11 +65,18 @@ Description: pyca/cryptography
You can also join ``#cryptography-dev`` on Freenode to ask questions or get
involved.
Security
~~~~~~~~
Need to report a security issue? Please consult our `security reporting`_
documentation.
.. _`documentation`: https://cryptography.io/
.. _`the installation documentation`: https://cryptography.io/en/latest/installation/
.. _`issue tracker`: https://github.com/pyca/cryptography/issues
.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`security reporting`: https://cryptography.io/en/latest/security/
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
......@@ -84,7 +90,6 @@ Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: Microsoft :: Windows
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.4
......@@ -93,3 +98,8 @@ Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*
Provides-Extra: docs
Provides-Extra: docstest
Provides-Extra: pep8test
Provides-Extra: test
......@@ -18,7 +18,7 @@ pyca/cryptography
``cryptography`` is a package which provides cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
standard library". It supports Python 2.6-2.7, Python 3.4+, and PyPy 5.3+.
standard library". It supports Python 2.7, Python 3.4+, and PyPy 5.3+.
``cryptography`` includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message digests, and
......@@ -57,8 +57,15 @@ We maintain a `cryptography-dev`_ mailing list for development discussion.
You can also join ``#cryptography-dev`` on Freenode to ask questions or get
involved.
Security
~~~~~~~~
Need to report a security issue? Please consult our `security reporting`_
documentation.
.. _`documentation`: https://cryptography.io/
.. _`the installation documentation`: https://cryptography.io/en/latest/installation/
.. _`issue tracker`: https://github.com/pyca/cryptography/issues
.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`security reporting`: https://cryptography.io/en/latest/security/
......@@ -34,18 +34,34 @@ One exception to our API stability policy is for security. We will violate this
policy as necessary in order to resolve a security issue or harden
``cryptography`` against a possible attack.
Versioning
----------
This project uses a custom versioning scheme as described below.
Given a version ``cryptography X.Y.Z``,
* ``X.Y`` is a decimal number that is incremented for
potentially-backwards-incompatible releases.
* This increases like a standard decimal.
In other words, 0.9 is the ninth release, and 1.0 is the tenth (not 0.10).
The dividing decimal point can effectively be ignored.
* ``Z`` is an integer that is incremented for backward-compatible releases.
Deprecation
-----------
~~~~~~~~~~~
From time to time we will want to change the behavior of an API or remove it
entirely. In that case, here's how the process will work:
* In ``cryptography X.Y`` the feature exists.
* In ``cryptography X.Y+1`` using that feature will emit a
``PendingDeprecationWarning``.
* In ``cryptography X.Y+2`` using that feature will emit a
``DeprecationWarning``.
* In ``cryptography X.Y+3`` the feature will be removed or changed.
* In ``cryptography X.Y + 0.1`` using that feature will emit a
``UserWarning``.
* In ``cryptography X.Y + 0.2`` using that feature will emit a
``UserWarning``.
* In ``cryptography X.Y + 0.3`` the feature will be removed or changed.
In short, code that runs without warnings will always continue to work for a
period of two releases.
......
......@@ -5,8 +5,7 @@
from __future__ import absolute_import, division, print_function
from docutils import nodes
from sphinx.util.compat import Directive
from docutils.parsers.rst import Directive
DANGER_MESSAGE = """
......
......@@ -3,7 +3,7 @@ package main
import (
"bufio"
"bytes"
"code.google.com/p/go.crypto/cast5"
"golang.org/x/crypto/cast5"
"crypto/cipher"
"encoding/hex"
"fmt"
......
HKDF vector creation
====================
This page documents the code that was used to generate a longer
HKDF test vector (1200 bytes) than is available in RFC 5869. All
the vectors were generated using OpenSSL and verified with Go.
Creation
--------
The following Python script was run to generate the vector files.
.. literalinclude:: /development/custom-vectors/hkdf/generate_hkdf.py
Download link: :download:`generate_hkdf.py
</development/custom-vectors/hkdf/generate_hkdf.py>`
Verification
------------
The following Go code was used to verify the vectors.
.. literalinclude:: /development/custom-vectors/hkdf/verify_hkdf.go
:language: go
Download link: :download:`verify_hkdf.go
</development/custom-vectors/hkdf/verify_hkdf.go>`
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import binascii
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
IKM = binascii.unhexlify(b"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
L = 1200
OKM = HKDF(
algorithm=hashes.SHA256(), length=L, salt=None, info=None,
backend=default_backend()
).derive(IKM)
def _build_vectors():
output = []
output.append("COUNT = 0")
output.append("Hash = SHA-256")
output.append("IKM = " + binascii.hexlify(IKM).decode("ascii"))
output.append("salt = ")
output.append("info = ")
output.append("L = {}".format(L))
output.append("OKM = " + binascii.hexlify(OKM).decode("ascii"))
return "\n".join(output)
def _write_file(data, filename):
with open(filename, 'w') as f:
f.write(data)
if __name__ == '__main__':
_write_file(_build_vectors(), 'hkdf.txt')
package main
import (
"bufio"
"bytes"
"crypto/sha256"
"encoding/hex"
"fmt"
"golang.org/x/crypto/hkdf"
"io"
"os"
"strconv"
"strings"
)
func unhexlify(s string) []byte {
bytes, err := hex.DecodeString(s)
if err != nil {
panic(err)
}
return bytes
}
func verifier(l uint64, ikm, okm []byte) bool {
hash := sha256.New
hkdf := hkdf.New(hash, ikm, nil, nil)
okmComputed := make([]byte, l)
io.ReadFull(hkdf, okmComputed)
return bytes.Equal(okmComputed, okm)
}
func validateVectors(filename string) bool {
vectors, err := os.Open(filename)
if err != nil {
panic(err)
}
defer vectors.Close()
var segments []string
var l uint64
var ikm, okm string
scanner := bufio.NewScanner(vectors)
for scanner.Scan() {
segments = strings.Split(scanner.Text(), " = ")
switch {
case strings.ToUpper(segments[0]) == "L":
l, err = strconv.ParseUint(segments[1], 10, 64)
if err != nil {
panic(err)
}
case strings.ToUpper(segments[0]) == "IKM":
ikm = segments[1]
case strings.ToUpper(segments[0]) == "OKM":
okm = segments[1]
}
}
return verifier(l, unhexlify(ikm), unhexlify(okm))
}
func main() {
if validateVectors("vectors/cryptography_vectors/KDF/hkdf-generated.txt") {
fmt.Println("HKDF OK.")
} else {
fmt.Println("HKDF failed.")
os.Exit(1)
}
}
......@@ -75,10 +75,9 @@ each supported Python version and run the tests. For example:
$ tox
...
ERROR: py26: InterpreterNotFound: python2.6
py27: commands succeeded
ERROR: pypy: InterpreterNotFound: pypy
py33: commands succeeded
py34: commands succeeded
docs: commands succeeded
pep8: commands succeeded
......
......@@ -129,6 +129,8 @@ Key exchange
``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.der`` contains
are the above parameters and keys in DER format.
* ``vectors/cryptoraphy_vectors/asymmetric/ECDH/brainpool.txt`` contains
Brainpool vectors from :rfc:`7027`.
X.509
~~~~~
......@@ -402,7 +404,6 @@ Hashes
* RIPEMD160 from the `RIPEMD website`_.
* SHA1 from `NIST CAVP`_.
* SHA2 (224, 256, 384, 512) from `NIST CAVP`_.
* Whirlpool from the `Whirlpool website`_.
* Blake2s and Blake2b from OpenSSL `test/evptests.txt`_.
HMAC
......@@ -427,6 +428,7 @@ Key wrapping
~~~~~~~~~~~~
* AES key wrap (AESKW) and 3DES key wrap test vectors from `NIST CAVP`_.
* AES key wrap with padding vectors from `Botan's key wrap vectors`_.
Recipes
~~~~~~~
......@@ -477,8 +479,8 @@ Creating test vectors
When official vectors are unavailable ``cryptography`` may choose to build
its own using existing vectors as source material.
Custom Symmetric Vectors
~~~~~~~~~~~~~~~~~~~~~~~~
Created Vectors
~~~~~~~~~~~~~~~
.. toctree::
:maxdepth: 1
......@@ -487,6 +489,8 @@ Custom Symmetric Vectors
custom-vectors/cast5
custom-vectors/idea
custom-vectors/seed
custom-vectors/hkdf
If official test vectors appear in the future the custom generated vectors
should be discarded.
......@@ -512,7 +516,6 @@ header format (substituting the correct information):
.. _`BoringSSL ChaCha20Poly1305 tests`: https://boringssl.googlesource.com/boringssl/+/2e2a226ac9201ac411a84b5e79ac3a7333d8e1c9/crypto/cipher_extra/test/chacha20_poly1305_tests.txt
.. _`BoringSSL evp tests`: https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt
.. _`RIPEMD website`: https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
.. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
.. _`Specification repository`: https://github.com/fernet/spec
.. _`errata`: https://www.rfc-editor.org/errata_search.php?rfc=6238
......@@ -539,3 +542,4 @@ header format (substituting the correct information):
.. _`unknown signature OID`: https://bugzilla.mozilla.org/show_bug.cgi?id=405966
.. _`botan`: https://github.com/randombit/botan/blob/57789bdfc55061002b2727d0b32587612829a37c/src/tests/data/pubkey/dh.vec
.. _`DHKE`: https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl
.. _`Botan's key wrap vectors`: https://github.com/randombit/botan/blob/737f33c09a18500e044dca3e2ae13bd2c08bafdd/src/tests/data/keywrap/nist_key_wrap.vec
[parsers]
smart_quotes: no
......@@ -84,6 +84,13 @@ earlier the default compiler is extremely old. Use ``pkg_add`` to install a
newer ``gcc`` and then install ``cryptography`` using
``CC=/path/to/newer/gcc pip install cryptography``.
Installing ``cryptography`` fails with ``Invalid environment marker: python_version < '3'``
-------------------------------------------------------------------------------------------
Your ``pip`` and/or ``setuptools`` are outdated. Please upgrade to the latest
versions with ``pip install -U pip setuptools`` (or on Windows
``python -m pip install -U pip setuptools``).
Installing cryptography with OpenSSL 0.9.8 or 1.0.0 fails
---------------------------------------------------------
......
......@@ -86,7 +86,8 @@ has support for implementing key rotation via :class:`MultiFernet`.
.. versionadded:: 0.7
This class implements key rotation for Fernet. It takes a ``list`` of
:class:`Fernet` instances, and implements the same API:
:class:`Fernet` instances and implements the same API with the exception
of one additional method: :meth:`MultiFernet.rotate`:
.. doctest::
......@@ -109,6 +110,50 @@ has support for implementing key rotation via :class:`MultiFernet`.
the front of the list to start encrypting new messages, and remove old keys
as they are no longer needed.
Token rotation as offered by :meth:`MultiFernet.rotate` is a best practice
and manner of cryptographic hygiene designed to limit damage in the event of
an undetected event and to increase the difficulty of attacks. For example,
if an employee who had access to your company's fernet keys leaves, you'll
want to generate new fernet key, rotate all of the tokens currently deployed
using that new key, and then retire the old fernet key(s) to which the
employee had access.
.. method:: rotate(msg)
.. versionadded:: 2.2
Rotates a token by re-encrypting it under the :class:`MultiFernet`
instance's primary key. This preserves the timestamp that was originally
saved with the token. If a token has successfully been rotated then the
rotated token will be returned. If rotation fails this will raise an
exception.
.. doctest::
>>> from cryptography.fernet import Fernet, MultiFernet
>>> key1 = Fernet(Fernet.generate_key())
>>> key2 = Fernet(Fernet.generate_key())
>>> f = MultiFernet([key1, key2])
>>> token = f.encrypt(b"Secret message!")
>>> token
'...'
>>> f.decrypt(token)
'Secret message!'
>>> key3 = Fernet(Fernet.generate_key())
>>> f2 = MultiFernet([key3, key1, key2])
>>> rotated = f2.rotate(token)
>>> f2.decrypt(rotated)
'Secret message!'
:param bytes msg: The token to re-encrypt.
:returns bytes: A secure message that cannot be read or altered without
the key. This is URL-safe base64-encoded. This is referred to as a
"Fernet token".
:raises cryptography.fernet.InvalidToken: If a ``token`` is in any
way invalid this exception is raised.
:raises TypeError: This exception is raised if the ``msg`` is not
``bytes``.
.. class:: InvalidToken
......
......@@ -19,12 +19,16 @@ Exchange Algorithm
~~~~~~~~~~~~~~~~~~
For most applications the ``shared_key`` should be passed to a key
derivation function.
derivation function. This allows mixing of additional information into the
key, derivation of multiple keys, and destroys any structure that may be
present.
.. code-block:: pycon
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.asymmetric import dh
>>> from cryptography.hazmat.primitives.kdf.hkdf import HKDF
>>> # Generate some parameters. These can be reused.
>>> parameters = dh.generate_parameters(generator=2, key_size=2048,
... backend=default_backend())
......@@ -36,11 +40,26 @@ derivation function.
>>> # must agree on a common set of parameters.
>>> peer_public_key = parameters.generate_private_key().public_key()
>>> shared_key = private_key.exchange(peer_public_key)
>>> # Perform key derivation.
>>> derived_key = HKDF(
... algorithm=hashes.SHA256(),
... length=32,
... salt=None,
... info=b'handshake data',
... backend=default_backend()
... ).derive(shared_key)
>>> # For the next handshake we MUST generate another private key, but
>>> # we can reuse the parameters.
>>> private_key_2 = parameters.generate_private_key()
>>> peer_public_key_2 = parameters.generate_private_key().public_key()
>>> shared_key_2 = private_key_2.exchange(peer_public_key_2)
>>> derived_key_2 = HKDF(
... algorithm=hashes.SHA256(),
... length=32,
... salt=None,
... info=b'handshake data',
... backend=default_backend()
... ).derive(shared_key_2)
DHE (or EDH), the ephemeral form of this exchange, is **strongly
preferred** over simple DH and provides `forward secrecy`_ when used. You must
......@@ -68,7 +87,7 @@ Group parameters
.. function:: generate_parameters(generator, key_size, backend)
.. versionadded:: 0.9
.. versionadded:: 1.7
Generate a new DH parameter group for use with ``backend``.
......@@ -89,13 +108,11 @@ Group parameters
.. class:: DHParameters
.. versionadded:: 0.9
.. versionadded:: 1.7
.. method:: generate_private_key()
.. versionadded:: 0.9
Generate a DH private key. This method can be used to generate many
new private keys from a single set of parameters.
......@@ -130,7 +147,7 @@ Group parameters
.. class:: DHParametersWithSerialization
.. versionadded:: 0.9
.. versionadded:: 1.7
Alias for :class:`DHParameters`.
......@@ -140,7 +157,7 @@ Key interfaces
.. class:: DHPrivateKey
.. versionadded:: 0.9
.. versionadded:: 1.7
A DH private key that is not an :term:`opaque key` also implements
:class:`DHPrivateKeyWithSerialization` to provide serialization methods.
......@@ -173,7 +190,7 @@ Key interfaces
.. class:: DHPrivateKeyWithSerialization
.. versionadded:: 0.9
.. versionadded:: 1.7
This interface contains additional methods relating to serialization.
Any object with this interface also has all the methods from
......@@ -215,7 +232,7 @@ Key interfaces
.. class:: DHPublicKey
.. versionadded:: 0.9
.. versionadded:: 1.7
.. attribute:: key_size
......@@ -254,7 +271,7 @@ Key interfaces
.. class:: DHPublicKeyWithSerialization
.. versionadded:: 0.9
.. versionadded:: 1.7
Alias for :class:`DHPublicKey`.
......
......@@ -226,12 +226,16 @@ Elliptic Curve Key Exchange algorithm
in NIST publication `800-56A`_, and later in `800-56Ar2`_.
For most applications the ``shared_key`` should be passed to a key
derivation function.
derivation function. This allows mixing of additional information into the
key, derivation of multiple keys, and destroys any structure that may be
present.
.. doctest::
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.asymmetric import ec
>>> from cryptography.hazmat.primitives.kdf.hkdf import HKDF
>>> # Generate a private key for use in the exchange.
>>> private_key = ec.generate_private_key(
... ec.SECP384R1(), default_backend()
......@@ -243,6 +247,14 @@ Elliptic Curve Key Exchange algorithm
... ec.SECP384R1(), default_backend()
... ).public_key()
>>> shared_key = private_key.exchange(ec.ECDH(), peer_public_key)
>>> # Perform key derivation.
>>> derived_key = HKDF(
... algorithm=hashes.SHA256(),
... length=32,
... salt=None,
... info=b'handshake data',
... backend=default_backend()
... ).derive(shared_key)
>>> # For the next handshake we MUST generate another private key.
>>> private_key_2 = ec.generate_private_key(
... ec.SECP384R1(), default_backend()
......@@ -251,6 +263,13 @@ Elliptic Curve Key Exchange algorithm
... ec.SECP384R1(), default_backend()
... ).public_key()
>>> shared_key_2 = private_key_2.exchange(ec.ECDH(), peer_public_key_2)
>>> derived_key_2 = HKDF(
... algorithm=hashes.SHA256(),
... length=32,
... salt=None,
... info=b'handshake data',
... backend=default_backend()
... ).derive(shared_key_2)
ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly
preferred** over simple ECDH and provides `forward secrecy`_ when used.
......@@ -395,6 +414,28 @@ All named curves are instances of :class:`EllipticCurve`.
SECG curve ``secp256k1``.
.. class:: BrainpoolP256R1
.. versionadded:: 2.2
Brainpool curve specified in :rfc:`5639`. These curves are discouraged
for new systems.
.. class:: BrainpoolP384R1
.. versionadded:: 2.2
Brainpool curve specified in :rfc:`5639`. These curves are discouraged
for new systems.
.. class:: BrainpoolP512R1
.. versionadded:: 2.2
Brainpool curve specified in :rfc:`5639`. These curves are discouraged
for new systems.
Key Interfaces
~~~~~~~~~~~~~~
......@@ -453,8 +494,10 @@ Key Interfaces
Performs a key exchange operation using the provided algorithm with
the peer's public key.
For most applications the result should be passed to a key derivation
function.
For most applications the ``shared_key`` should be passed to a key
derivation function. This allows mixing of additional information into the
key, derivation of multiple keys, and destroys any structure that may be
present.
:param algorithm: The key exchange algorithm, currently only
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH` is
......
......@@ -23,13 +23,13 @@ private key is able to decrypt it.
.. toctree::
:maxdepth: 1
dsa
x25519
ec
rsa
dh
dsa
serialization
utils
x25519
.. _`proof of identity`: https://en.wikipedia.org/wiki/Public-key_infrastructure
......@@ -64,6 +64,7 @@ markers), you can load it:
.. code-block:: pycon
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import serialization
>>> with open("path/to/key.pem", "rb") as key_file:
......@@ -246,8 +247,8 @@ options. Here's an example using a secure padding and hash function:
>>> ciphertext = public_key.encrypt(
... message,